How severe is CVE-2024-7035?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.9 out of 10.

What type of vulnerability is CVE-2024-7035?

This is classified as CWE-352, which is a common weakness in software security.

CVE-2024-7035 - MEDIUM Severity | CVSS 6.9

Vulnerability Description

In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery (CSRF) attacks, where an unaware user can unintentionally perform sensitive actions by simply visiting a malicious site or through top-level navigation. The affected endpoints include /rag/api/v1/reset, /rag/api/v1/reset/db, /api/v1/memories/reset, and /rag/api/v1/reset/uploads. This impacts both the availability and integrity of the application.

Related Vulnerabilities

CVE-2024-3642

MEDIUM

CVSS:6.9(Medium)

The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF attack

CWE-3522024

CVE-2022-3274

HIGH

CVSS:7.0(High)

Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.7.

CWE-3522022

CVE-2017-1000147

MEDIUM

CVSS:6.8(Medium)

Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. T...

CWE-3522017